The hacker “Gordon Freeman” is allegedly behind a computer attack, the second on a State entity


The hack of the Tu Empleo (Your Employment) portal of the Ministry of Labor and Social Security (Mintrab) occurred in a context in which an analyst had already warned about structural weaknesses in the State’s digital systems.

On April 15, 2026, an analysis prepared by journalist and researcher Luis Assardo showed that government platforms operate with known vulnerabilities and without basic security configurations, conditions that facilitate cyber attacks.

Publications on social networks indicated that cybercriminals had extracted more than 200 thousand records and 40 GB of resumes, with data such as personal identification documents (DPI), contacts and work and salary history.

“The job portal server still accepted connections with TLS 1.0 and TLS 1.1, protocols that the industry declared obsolete in 2020. It did not support TLS 1.3, the current standard. None of the ministry’s 14 subdomains implemented Content-Security-Policy or HSTS, the two most basic defenses that a web server can have,” Assardo wrote on his X account.

Same attack pattern

The report links the incident with the attack that occurred on April 10 against the General Directorate of Arms and Ammunition Control (Digecam).

In both cases, the same actor is mentioned, identified as “GordonFreeman”, who reportedly operated with other members in the second attack.

System operated without basic controls

According to the analysis, the attack on the Tu Empleo portal did not require exploiting complex vulnerabilities.

Assardo indicates that the system interface lacked access controls, which would have allowed data extraction without major barriers.

Additionally, the server used security protocols considered obsolete and did not implement basic configurations such as content security policies or mechanisms that enforce encrypted connections.

“What makes this case particularly serious is that they did not have to make any effort. According to the attackers’ own publication, the API of the Tu Empleo portal had no access control. None,” Assardo wrote.


Mintrab attributes failure to old API

In a statement, Mintrab confirmed that the attack was directed at the software that manages the Tu Empleo platform and that the security breach was due to the use of an old application programming interface (API), which has already been mitigated.

It explained that, after detecting the incident on Sunday, April 26, 2026, the platform was temporarily deactivated to carry out investigations. The system was later restored with additional security measures, although the ministry did not detail the amount of information that the hackers stole.

In addition, it said that the Information Systems Directorate implemented actions to correct the vulnerability and safeguard the integrity of institutional information.

Previous warnings

Assardo’s analysis of April 15, carried out after the attack on Digecam, showed that the problem is not isolated.

The study evaluated 134 Guatemalan government websites and determined that:

  • 64% obtained a D rating in security
  • 87% lack content security policies
  • 79% do not implement mechanisms that force encrypted connections
  • 92% allow access without encryption

According to the report, these failures correspond to basic security practices that are not widely applied in the State.
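The controls named in the report (obsolete TLS versions, missing TLS 1.3, Content-Security-Policy, HSTS, unencrypted access) can be checked mechanically across a set of sites. The following is an added example, not code from the report or from Assardo's methodology; the host names, field names and observations are constructed, and it assumes the per-host data was already collected by a TLS scanner and an HTTP header fetch.

```python
import re

OBSOLETE_TLS = {"TLSv1.0", "TLSv1.1"}

def audit_host(obs):
    """Map finding code -> detail for one host's recorded observations."""
    headers = {k.lower(): v for k, v in obs["headers"].items()}
    findings = {}
    legacy = sorted(OBSOLETE_TLS & obs["tls"])
    if legacy:
        findings["legacy_tls"] = "still accepts " + ", ".join(legacy)
    if "TLSv1.3" not in obs["tls"]:
        findings["no_tls13"] = "TLS 1.3 not offered"
    if not headers.get("content-security-policy", "").strip():
        findings["no_csp"] = "Content-Security-Policy header missing"
    # HSTS only protects when max-age is present and non-zero (0 clears it).
    hsts = re.search(r'max-age\s*=\s*"?(\d+)',
                     headers.get("strict-transport-security", ""), re.I)
    if not hsts or int(hsts.group(1)) == 0:
        findings["no_hsts"] = "no effective Strict-Transport-Security"
    if not obs["http_redirects"]:
        findings["plain_http"] = "content served without redirect to HTTPS"
    return findings

def summarize(fleet):
    """Percentage of hosts showing each finding, as in a fleet-wide survey."""
    counts = {}
    for obs in fleet.values():
        for code in audit_host(obs):
            counts[code] = counts.get(code, 0) + 1
    return {code: round(100 * n / len(fleet)) for code, n in counts.items()}

# Constructed observations (hypothetical hosts and field names, not survey data).
FLEET = {
    "jobs.example": {"tls": {"TLSv1.0", "TLSv1.1", "TLSv1.2"},
                     "headers": {"Server": "demo"}, "http_redirects": False},
    "mid.example": {"tls": {"TLSv1.2"}, "headers": {}, "http_redirects": True},
    "hsts-off.example": {"tls": {"TLSv1.2", "TLSv1.3"}, "http_redirects": True,
                         "headers": {"Content-Security-Policy": "default-src 'self'",
                                     "Strict-Transport-Security": "max-age=0"}},
    "ok.example": {"tls": {"TLSv1.2", "TLSv1.3"}, "http_redirects": True,
                   "headers": {"Content-Security-Policy": "default-src 'self'",
                               "Strict-Transport-Security":
                                   "max-age=31536000; includeSubDomains"}},
}

if __name__ == "__main__":
    for host, obs in FLEET.items():
        print(host, audit_host(obs) or "no findings")
    print(summarize(FLEET))
```

A header that is present but ineffective, such as `max-age=0` for HSTS, is counted as missing, which a simple presence check would not catch.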

Digecam, which was the victim of a recent attack, obtained 41 points out of 100 in that evaluation, a rating similar to that of other public entities.

The analysis warns that these types of conditions allow automated attacks to be successful on multiple government platforms, not just specific systems.

What is Mintrab’s Tu Empleo?

Tu Empleo is a labor intermediation platform that connects companies with people looking for work. On it, companies publish vacancies and users apply according to their profile.

Mintrab said that it is working to protect user information and prevent security incidents.

Chamber of Industry asks to investigate

Through a statement, the Guatemalan Chamber of Industry indicated that the industrial sector regrets the situation, since it facilitates crimes such as identity theft, extortion and financial fraud, which affects the privacy and security of thousands of Guatemalans.

“We ask the authorities to carry out an exhaustive forensic investigation to deduce legal responsibilities for the custody of this information,” the document states.

In addition, the entity called for the protection of citizen data to be guaranteed, considering that it is the obligation of the State to protect the privacy and integrity of the information under its administration.

It also raised the need to create cybersecurity teams throughout the public administration, dedicated to validating and updating systems to eliminate vulnerabilities.